4
60%
master: 60%

Ran 17 Aug 2017 08:54PM UTC

Files 130

Run time 11s

Badge

Embed ▾

Committed 17 Aug 2017 06:06PM UTC coverage: 34.506% (-0.03%) from 34.531%

Job # COMPILER=clang++-3.6 GCOV=/usr/bin/gcov

Build Type

push

travis-ci

Committed by

Minoru

Commit Message

Sanitize inputs to bookmark-cmd (#591)

Newsbeuter didn't properly shell-escape the arguments passed to
bookmarking command, which allows a remote attacker to perform remote
code execution by crafting an RSS item whose title and/or URL contain
something interpretable by the shell (most notably subshell
invocations.)

This has been reported by Jeriko One <jeriko.one@gmx.us>, complete with
PoC and a patch.

This vulnerability was assigned CVE-2017-12904.

Coverage Stats

4148 of 12021 relevant lines covered (34.51%)

141.99 hits per line

akrennmair / newsbeuter / 959 / 4
60%
master: 60%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 959.4 (COMPILER=clang++-3.6 GCOV=/usr/bin/gcov)

akrennmair / newsbeuter / 959 / 4 60% master: 60%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 959.4 (COMPILER=clang++-3.6 GCOV=/usr/bin/gcov)

akrennmair / newsbeuter / 959 / 4
60%
master: 60%

README BADGES
x